Please AMEND the claims as follows: 



1. (Currently Amended) In a server adapted for authentication, authorization, and 
accounting, a method of generating a shared key between a Home Agent and a Mobile Node, 
comprising: 

receiving a request message from a Home Agent, the request message identifying the 
Mobile Node; 

deriving key information from a key or password associated with the Mobile Node; and

sending a reply message to the Home Agent, the reply message including the key 
information associated with the Mobile Node, thereby enabling the Home Agent to derive a 
shared key to be shared between the Mobile Node and the Home Agent from the key 
information; 

wherein the reply message does not include the shared key to be shared between the
Mobile Node and the Home Agent in any form.

2. (Original) The method as recited in claim 1, wherein deriving key information 
comprises: 

deriving the key information from a second set of key information derived from the 
key or password. 

3. (Original) The method as recited in claim 1, wherein deriving key information 
comprises: 

obtaining the derived key information from a domain controller or server. 

4. (Original) The method as recited in claim 1, wherein the request message is an
access request message and the reply message is an access reply message. 



5. (Cancelled) 

6. (Previously Presented) The method as recited in claim 1 & 9 further comprising: 
obtaining the key or password from a domain controller. 

7. (Original) The method as recited in claim 6, wherein obtaining the key or 
password from the domain controller comprises: 

sending a request to the domain controller for key or password associated with the 
Mobile Node; and 

receiving the key or password associated with the Mobile Node from the domain 
controller. 

8. (Original) The method as recited in claim 1, further comprising:
applying the key information to authenticate the request message. 

9. (Original) The method as recited in claim 1, wherein the key or password is 
stored at the Mobile Node, thereby enabling the Mobile Node to derive the key information 
from the key or password. 

10. (Currently Amended) In a Home Agent supporting Mobile IP, a method of 
authenticating a Mobile Node, comprising: 

receiving a Mobile IP registration request from a Mobile Node, the Mobile IP
registration request identifying the Mobile Node; 

sending a request message to a AAA server, the request message identifying the 
Mobile Node; 

receiving a reply message from the AAA server, the reply message including key 
information associated with the Mobile Node; 

deriving a key from the key information, the key being a shared key between the
Mobile Node and the Home Agent, wherein deriving the key from the key information does
not include decryption of the key information; and

sending a Mobile IP registration reply to the Mobile Node, wherein the Mobile IP
registration reply does not include the key in any form.

11. (Previously Presented) The method as recited in claim 10, wherein the Mobile
IP registration request includes a CHAP challenge and response. 

12. (Previously Presented) The method as recited in claim 10, wherein deriving a 
key from the key information comprises deriving the key from the key information and a 
CHAP challenge and response obtained from the Mobile IP registration request. 

13. (Previously Presented) The method as recited in claim 10, wherein deriving the 
key and sending the Mobile IP registration reply to the Mobile Node are performed when the 
reply message received from the AAA server indicates that the Mobile Node is successfully 
authenticated. 



14. (Original) The method as recited in claim 10, wherein the request message is an 
access request message and the reply message is an access reply message.

15. (Original) The method as recited in claim 10, wherein the Mobile Node is to 
derive the shared key from a second set of key information stored at the Mobile Node. 

16. (Original) The method as recited in claim 15, wherein the key information is 
equivalent to the second set of key information. 

17. (Original) The method as recited in claim 15, wherein the second set of key 
information stored at the Mobile Node is a root key, a password, or a key shared between the 
Mobile Node and the Home Agent in a previous session. 

18. (Original) The method as recited in claim 17, wherein the registration request 
includes a SPI, replay protection timestamp, and indicates an algorithm to be used to 
authenticate the registration reply, wherein the SPI, the replay protection timestamp, and the 
algorithm are associated with the second set of key information. 

19. (Original) The method as recited in claim 18, further comprising: 

installing the derived key, the SPI, the replay protection timestamp, and the algorithm 
in a security association. 

20. (Original) The method as recited in claim 17, wherein the registration reply 
includes a SPI, replay protection timestamp, and indicates an algorithm to be used to 
authenticate the registration reply, wherein the SPI, the replay protection timestamp, and the 
algorithm are associated with the second set of key information. 

21. (Previously Presented) The method as recited in claim 10, wherein the Mobile
IP registration reply indicates that the Mobile Node is to derive the shared key between the 
Mobile Node and the Home Agent. 

22. (Previously Presented) The method as recited in claim 21, wherein at least one 
of the presence of one or more extensions in the Mobile IP registration reply and an SPI in 
the Mobile IP registration reply indicates that the Mobile Node is to derive the shared key 
between the Mobile Node and the Home Agent. 

23. (Previously Presented) The method as recited in claim 10, wherein the Mobile 
IP registration request indicates that the Home Agent is to derive the shared key between the 
Mobile Node and the Home Agent from the key information. 

24. (Previously Presented) The method as recited in claim 23, wherein at least one 
of the presence of one or more extensions in the Mobile IP registration request and an SPI in 
the Mobile IP registration request indicates that the Home Agent is to derive the shared key 
between the Mobile Node and the Home Agent. 

25. (Previously Presented) The method as recited in claim 23, wherein the presence 
of an authentication protocol extension in the Mobile IP registration request indicates a 
protocol to be used to authenticate the Mobile IP registration request and derive the shared 
key. 



26. (Original) The method as recited in claim 23, wherein the presence of a session 
key extension and derived session key extension in the registration request indicates that both
a session key and a derived session key are to be generated and installed. 

27. (Previously Presented) The method as recited in claim 26, further comprising: 
receiving a subsequent Mobile IP registration request from the Mobile Node to
refresh the derived session key.

28. (Previously Presented) The method as recited in claim 27, further comprising: 
authenticating the subsequent Mobile IP registration request using the session key. 

29. (Previously Presented) The method as recited in claim 27, further comprising: 
sending a subsequent Mobile IP registration reply to the Mobile Node including the
derived session key extension, wherein the Mobile IP registration reply is to be authenticated
by the Mobile Node using the session key.

30. (Original) The method as recited in claim 10, wherein the key information is a 
previously used session key shared between the Mobile Node and the Home Agent. 

31. (Original) The method as recited in claim 10, wherein the key information is 
derived from a password associated with the Mobile Node. 

32. (Cancelled) 

33. (Original) The method as recited in claim 10, further comprising: 
deriving a subsequent key from the shared key. 

34. (Original) The method as recited in claim 33, wherein deriving the subsequent
key from the shared key is performed when a binding associated with the Mobile Node is 
cleared. 

35. (Original) The method as recited in claim 34, wherein the binding associated with 
the Mobile Node is cleared upon expiration of the lifetime of the Mobile Node or de- 
registration of the Mobile Node. 

36. (Currently Amended) In a Mobile Node, a method of registering with a Home Agent 
supporting Mobile IP, comprising: 

sending a registration request to the Home Agent; 

receiving a registration reply from the Home Agent, the registration reply indicating 
that the Mobile Node is to derive a key to be shared between the Mobile Node and the Home 
Agent, wherein the registration reply does not include the key to be shared between the 
Mobile Node and the Home Agent in any form; and

deriving a key to be shared between the Mobile Node and the Home Agent from key
information stored at the Mobile Node, wherein deriving the key from the key information
does not include decryption of the key information.

37. (Original) The method as recited in claim 36, wherein deriving a key from the 
key information comprises deriving the key from the key information and a CHAP challenge 
and response obtained from the registration reply. 

38. (Original) The method as recited in claim 36, wherein the key information is a 
root key, a password, or a key shared between the Mobile Node and the Home Agent in a 
previous session.

39. (Original) The method as recited in claim 38, wherein the registration request 
includes a SPI, replay protection timestamp, and indicates an algorithm to be used to 
authenticate the registration request, wherein the SPI, the replay protection timestamp, and 
the algorithm are associated with the key information. 

40. (Original) The method as recited in claim 38, wherein the registration reply 
includes a SPI, replay protection timestamp, and indicates an algorithm to be used to 
authenticate the registration reply, wherein the SPI, the replay protection timestamp, and the 
algorithm are associated with the key information. 

41. (Original) The method as recited in claim 36, wherein the registration reply 
indicates whether the Mobile Node is to derive the shared key between the Mobile Node and 
the Home Agent, the method further comprising: 

determining from the registration reply whether the Mobile Node is to derive the key; 
wherein deriving a key is performed when it is determined from the registration reply 
that the Mobile Node is to derive the key. 

42. (Original) The method as recited in claim 41, wherein at least one of the presence 
of one or more extensions in the registration reply and an SPI in the registration reply 
indicates that the Mobile Node is to derive the shared key between the Mobile Node and the 
Home Agent. 

43. (Original) The method as recited in claim 36, wherein the registration request 
indicates that the Home Agent is to derive the shared key between the Mobile Node and the 
Home Agent from a second set of key information received by the Home Agent.

44. (Original) The method as recited in claim 43, wherein at least one of the presence 
of one or more extensions in the registration request and an SPI in the registration request 
indicates that the Home Agent is to derive the shared key between the Mobile Node and the 
Home Agent. 

45. (Currently Amended) A computer-readable medium storing thereon computer 
readable instructions for generating a shared key between a Home Agent and a Mobile Node 
in a server adapted for authentication, authorization, and accounting, comprising: 

instructions for receiving a request message from a Home Agent, the request message 
identifying the Mobile Node; 

instructions for deriving key information from a key or password associated with the 
Mobile Node; and 

instructions for sending a reply message to the Home Agent, the reply message 
including the key information associated with the Mobile Node, thereby enabling the Home 
Agent to derive a shared key to be shared between the Mobile Node and the Home Agent 
from the key information, wherein the reply message does not include the shared key in any
form.

46. (Currently Amended) A server adapted for authentication, authorization, and 
accounting, the server being adapted for generating a shared key between a Home Agent and 
a Mobile Node, comprising: 

a processor; and 

a memory, at least one of the processor and the memory being adapted for:
receiving a request message from a Home Agent, the request message identifying the 
Mobile Node; 

deriving key information from a key or password associated with the Mobile Node; and

sending a reply message to the Home Agent, the reply message including the key 
information associated with the Mobile Node, thereby enabling the Home Agent to derive a 
shared key to be shared between the Mobile Node and the Home Agent from the key 
information, wherein the reply message does not include the shared key in any form.

47. (Currently Amended) A server adapted for authentication, authorization, and 
accounting, the server being adapted for generating a shared key between a Home Agent and 
a Mobile Node, comprising: 

means for receiving a request message from a Home Agent, the request message 
identifying the Mobile Node; 

means for deriving key information from a key or password associated with the 
Mobile Node; and 

means for sending a reply message to the Home Agent, the reply message including 
the key information associated with the Mobile Node, thereby enabling the Home Agent to 
derive a shared key to be shared between the Mobile Node and the Home Agent from the key 
information, wherein the reply message does not include the shared key in any form.

Atty Docket No.: CISCP334/258305

Application No. 10/635,882

48. (Currently Amended) A computer-readable medium storing thereon computer-
readable instructions for authenticating a Mobile Node in a Home Agent supporting Mobile
IP, comprising:

instructions for receiving a registration request from a Mobile Node, the registration 
request identifying the Mobile Node; 

instructions for sending a request message to a AAA server, the request message 
identifying the Mobile Node; 

instructions for receiving a reply message from the AAA server, the reply message 
including key information associated with the Mobile Node; 

instructions for deriving a key from the key information, the key being a shared key 
between the Mobile Node and the Home Agent, wherein deriving the key from the key
information does not include decryption of the key information; and

instructions for sending a registration reply to the Mobile Node, wherein the
registration reply does not include the shared key in any form.

49. (Currently Amended) A Home Agent supporting Mobile IP, the Home Agent being 
adapted for authenticating a Mobile Node, comprising: 
a processor; and 

a memory, at least one of the processor and the memory being adapted for: 
receiving a registration request from a Mobile Node, the registration request
identifying the Mobile Node;

sending a request message to a AAA server, the request message identifying the
Mobile Node;

receiving a reply message from the AAA server, the reply message including key 
information associated with the Mobile Node; 

deriving a key from the key information, the key being a shared key between the
Mobile Node and the Home Agent, wherein deriving the key from the key information does
not include decryption of the key information; and

sending a registration reply to the Mobile Node, wherein the registration reply does
not include the shared key in any form.

50. (Currently Amended) A Home Agent supporting Mobile IP and adapted for 
authenticating a Mobile Node, comprising: 

means for receiving a registration request from a Mobile Node, the registration 
request identifying the Mobile Node; 

means for sending a request message to a AAA server, the request message 
identifying the Mobile Node; 

means for receiving a reply message from the AAA server, the reply message 
including key information associated with the Mobile Node; 

means for deriving a key from the key information, the key being a shared key 
between the Mobile Node and the Home Agent, wherein deriving the key from the key
information does not include decryption of the key information; and

means for sending a registration reply to the Mobile Node, wherein the registration
reply does not include the shared key in any form.

51. (Currently Amended) A computer-readable medium storing thereon computer-
readable instructions for registering a Mobile Node with a Home Agent supporting Mobile 
IP, comprising: 

instructions for sending a registration request to the Home Agent; 

instructions for receiving a registration reply from the Home Agent, the registration
reply indicating that the Mobile Node is to derive a key to be shared between the Mobile
Node and the Home Agent, wherein the registration reply does not include the key to be
shared between the Mobile Node and the Home Agent in any form; and

instructions for deriving a key to be shared between the Mobile Node and the Home
Agent from key information stored at the Mobile Node, wherein deriving the key from the
key information does not include decryption of the key information.

52. (Currently Amended) A Mobile Node adapted for registering with a Home Agent 
supporting Mobile IP, comprising: 

a processor; and 

a memory, at least one of the processor and the memory being adapted for: 
sending a registration request to the Home Agent; 

receiving a registration reply from the Home Agent, the registration reply indicating 
that the Mobile Node is to derive a key to be shared between the Mobile Node and the Home 
Agent, wherein the registration reply does not include the key in any form; and

deriving a key to be shared between the Mobile Node and the Home Agent from key
information stored at the Mobile Node, wherein deriving the key from the key information
does not include decryption of the key information.

53. (Currently Amended) A Mobile Node adapted for registering with a Home Agent 
supporting Mobile IP, comprising: 

means for sending a registration request to the Home Agent; 

means for receiving a registration reply from the Home Agent, the registration reply 
indicating that the Mobile Node is to derive a key to be shared between the Mobile Node and
the Home Agent, wherein the registration reply does not include the key in any form; and

means for deriving a key to be shared between the Mobile Node and the Home Agent
from key information stored at the Mobile Node, wherein deriving the key from the key
information does not include decryption of the key information.

54. (Previously Presented) The method as recited in claim 1, wherein deriving key 
information from a key or password associated with the Mobile Node includes: 

deriving the key information from a password, wherein the key information is not 
derived from a key. 

Please ADD new claims as follows: 

55. (New) The method as recited in claim 1, the reply message does not include the 
shared key to be shared between the Mobile Node and the Home Agent in an encrypted form 
or a decrypted form. 
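
The key flow recited in claims 1, 10 and 36, shown as an added Python example that is not part of the filing. The claims name no algorithm or message format, so PBKDF2-HMAC-SHA256, HMAC-SHA256, the message field names and the sample values are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: the claims name no algorithms. PBKDF2-HMAC-SHA256 stands in for
# "deriving key information" and HMAC-SHA256 for "deriving a key".

def derive_key_info(password: bytes, mn_id: bytes) -> bytes:
    # Claims 1 and 9: the AAA server and the Mobile Node each compute this
    # from the password they both hold.
    return hashlib.pbkdf2_hmac("sha256", password, mn_id, 100_000)

def derive_shared_key(key_info: bytes, challenge: bytes, response: bytes) -> bytes:
    # Claims 10, 12 and 36: one-way derivation; nothing is decrypted.
    return hmac.new(key_info, b"MN-HA" + challenge + response, hashlib.sha256).digest()

def aaa_reply(user_db: dict, request: dict) -> dict:
    # Claim 1: the reply carries key information, never the shared key.
    key_info = derive_key_info(user_db[request["mn_id"]], request["mn_id"])
    expected = hmac.new(key_info, request["challenge"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, request["response"]):
        return {"accept": False}
    return {"accept": True, "key_info": key_info}

def home_agent_register(user_db: dict, reg_request: dict):
    # Claims 10 and 13: query AAA, derive the key locally only on success,
    # and send a registration reply that does not contain the key.
    reply = aaa_reply(user_db, reg_request)
    if not reply["accept"]:
        return None, {"code": "denied"}, reply
    key = derive_shared_key(reply["key_info"], reg_request["challenge"],
                            reg_request["response"])
    reg_reply = {"code": "accepted", "derive_key": True}  # claim 21 indication
    return key, reg_reply, reply

def run_exchange(password: bytes = b"constructed-password",
                 mn_id: bytes = b"mn1@example.net"):
    user_db = {mn_id: password}                     # constructed AAA user store
    challenge = os.urandom(16)                      # constructed CHAP challenge
    mn_key_info = derive_key_info(password, mn_id)  # held at the Mobile Node
    response = hmac.new(mn_key_info, challenge, hashlib.sha256).digest()
    reg_request = {"mn_id": mn_id, "challenge": challenge, "response": response}
    ha_key, reg_reply, aaa_msg = home_agent_register(user_db, reg_request)
    mn_key = None
    if reg_reply.get("derive_key"):                 # claim 41: derive when indicated
        mn_key = derive_shared_key(mn_key_info, challenge, response)
    return ha_key, mn_key, reg_reply, aaa_msg
```

Both ends arrive at the same key, while neither the AAA reply nor the registration reply carries it.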